Network Break digs into the partnership between Cisco and Ericsson and what it might mean for competitors and the market. We also look at new products and the latest (distressing) privacy news.
The post Network Break 62: Cisco, Ericsson Team Up; UK Asks For Backdoors appeared first on Packet Pushers.
SDN, NFV and IoT: CENGN worked on them as the OPNFV was forming.
Achieving very low latencies takes special engineering, but if you are a SaaS company latencies of a few hundred milliseconds are possible for complex business logic using standard technologies like load balancers, queues, JVMs, and rest APIs.
Itai Frenkel, a software engineer at Forter, which provides a Fraud Prevention Decision as a Service, shows how in an excellent article: 9.5 Low Latency Decision as a Service Design Patterns.
While any article on latency will have some familiar suggestions, Itai goes into some new territory you can really learn from. The full article is rich with detail, so you'll want to read it, but here's a short gloss:
It doesn’t happen often that a country with hundreds of prefixes is affected by a massive outage, however earlier today this unfortunately happened to Azerbaijan. Starting at 12:04 UTC approximately 94% of the prefixes out of Azerbaijan became unreachable. At the time of writing the outage is still active.
The event was reported on @bgpstream and details plus a replay can be found here: https://bgpstream.com/event/7981
The image below shows the impact on traffic from Azerbaijan to OpenDNS. It’s clear that almost all of the traffic from Azerbaijan disappeared at the time of outage.
Traffic from Azerbaijan
The main Internet Service provider in Azerbaijan is AS29049, Delta Telecom Ltd. The majority of the country relies on Delta Telecom for connectivity to the rest of the Internet. The outage is reportedly the result of a fire damaging the equipment of Delta Telecom. As a result all routes for AS29049, Delta Telecom Ltd. and all of the networks that rely on Delta Telecom disappeared from the Internet.
The graph below shows the number of prefixes observed in the BGP routing tables for Azerbaijan. Clearly visible is the drop in reachable networks starting at 12:04.
Visible BGP prefixes for Azerbaijan
Networks out of Continue reading
The post Worth Reading: The Future of Networking appeared first on 'net work.
In case you’re confused about the modern state of security, let me give you a short lesson.
Your network is pictured to the left. When I first started working on networks in the USAF we were just starting to build well designed DMZs, sort of a gate system for the modern network. “Firewalls” (a term I’m coming to dislike immensely), guard routers, VPN concentrators, and other systems were designed to keep your network from being “penetrated.” Standing at the front gate you’ll find a few folks wearing armor and carrying swords, responsible for letting only the right people inside the walls — policies, and perhaps even an IDS or two.
The world lived with castles for a long time — thousands of years, to be precise. In fact, the pride of the Roman Legion really wasn’t the short sword and battle formation, it was their ability to work in concrete. Certainly they had swords, but they could also build roads and walls, as evidenced by the Roman style fortifications dotting the entire world.
But we don’t live inside concrete walls any longer. Instead, our armies today move on small and large vehicles, defending territory through measure and countermeasure. They gather Continue reading
I have been running some QoS tests lately and wanted to share some of my results. Some of this behavior is described in various documentation guides but it’s not really clearly described in one place. I’ll describe what I have found so far in this post.
QoS is only active during congestion. This is well known but it’s not as well known how congestion is detected. the TX ring is used to hold packets before they get transmitted out on an interface. This is a hardware FIFO queue and when the queue gets filled, the interface is congested. When buying a subrate circuit from a SP, something must be added to achieve the backpressure so that the TX ring is considered full. This is done by applying a parent shaper and a child policy with the actual queue configuration.
The LLQ is used for high priority traffic. When the interface is not congested, the LLQ can use all available bandwidth unless an explicit policer is configured under the LLQ.
A normal queue can use more bandwidth than it is guaranteed when there is no congestion.
When a normal queue wants to use more bandwidth than its guaranteed, it can if Continue reading